Pastebin: It’s a favourite spot for hackers, such as the Anonymous-affiliated, to publicize their exploits.

It’s also the preferred receptacle for the doxing of purloined information.

Pastebin also happens to be a beloved punching bag for hackers to test their DDoS skills, Pastebin owner Jeroen Vader recently told the BBC.

Here’s how he described what a horror show it’s been to keep the site up and running lately:

February was a terrible month, so many attacks. It was a real nightmare to run the site. In the last three months not a single day has gone by that we didn't get some kind of DDoS attack, but in February there were some really long attacks going on. The longest one went on for more than 48 hours. Until this day not a single attack has been claimed. I do hear from people in the hackers community that many hackers like to test their DDoS skills on Pastebin.

Beyond the brute force required to keep the site’s head above DDoS waters, it’s also struggling to keep up with the prohibited material that’s often posted, he said.

When the BBC interviewer asked whether Pastebin should be more proactive when monitoring removal requests, given that people’s home addresses and other personal details sometimes get posted, Vader replied that the work of monitoring the site’s content is actually forcing him to hire extra hands. His quote:

"I am looking to hire some extra people soon to monitor more of the website's content, not just the items that are reported. Hopefully this will increase the speed in which we can remove sensitive information. This will give us more time to look at trending items in detail if they haven't been reported yet. Often articles contain a lot of information, and part of that can be a person's details. This does not mean straight away that it should be removed. Reading all those items, and determining which ones are hurtful, and which ones aren't, requires a lot of time. That's why we rely on the abuse report system at the moment. But there are plans to improve on this."

Pastebin’s guidelines prohibit users from posting email or password lists, stolen source code, or other personal information that doesn’t belong to the poster:

It has has relied on a combination of automatic filtering and user reports to fend off the pasting of prohibited material.

That said, it still happens quite a bit, as Vader describes:

"...We are very much aware that it happens a lot, but trying to automatically filter out such pastes is a pretty impossible task. Instead we heavily rely on our users to report items that do not comply with our FAQ. On average we get over 1,000 abuse reports a day via our on-site abuse report system, and another 200 or so come in via email. These are all monitored."

The BBC noted that readers have expressed concern that some Pastebin posts reveal personal details of people working for the authorities or the identities of people paying for pornography.

On one end of the privacy spectrum, the publicizing of such information disrupts people’s personal lives, the BBC suggests, but in worst-case scenarios could even endanger people’s very lives (think WikiLeaks and the outing of covert informants).

Is freedom of speech worth the risk? Vader acknowledges that he’s aware of how shocking it can be when one’s personal information is posted online.

In fact, it’s happened to him, he says. Fortunately, it occurred on Pastebin, so he managed to take it down quickly.

Pastebin monitors all removal requests, he told the BBC, and thus can often remove information within hours or even minutes of a request being lodged.

Pastebin is a centralized spot for hackers to easily release materials, putting them directly in front of the press and the world, rather than tucking them off into the internet’s more obscure nooks and crannies.

Vader believes that it’s important that people have access to this type of centralized site for “total freedom of speech,” as a means of getting their thoughts and ideals out to the rest of the world.

That concept of total freedom includes being a sounding board for two extremes and everything in between.

At one end are the voices of the citizens of repressive regimes. At the other end is the rampant posting of material that strays into prohibited territory, into illegal activity, and into egregious publicizing of personal information.

It’s the classic dilemma of free speech: Is the one extreme—the good done by providing a venue for all voices, including those of the repressed—worth putting up with the extreme at the morally questionable or outright objectionable end?

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.

3 comments on “Pastebin, its mission of freedom, and the tribulations of hacker escapades”

I don't know that it's just a free speech issue. One of my most important Google Alerts is for my own email address showing up on pastebin. If my credentials (or the credentials of my coworkers) are stolen, and I find out on pastebin– I think that's a public good!
If pastebin starts doing a better job of taking this stuff down, credentials are still going to get stolen, but the lists of hacked accounts will be driven underground.